CLEAR CHOICE TEST:

APPLE SNOW LEOPARD SERVER

A faster, smoother breed of cat

Mac OS X 10.6 features several new collaboration, multimedia applications. PAGE 28


Cisco  data  center  guru  speaks 

John  McCool  on  market  shifts,  computing  paradigms 

As a 13-year Cisco veteran, John McCool, senior vice president and general manager of Cisco’s Data Center Switching and Services Group, has seen a boatload of change. He is responsible for the strategy, engineering and marketing of Cisco’s family of enterprise Ethernet switching solutions, including the Catalyst series, the Nexus data center switches and the MDS storage-area network line. Network World Editor in Chief John Dix and Managing Editor Jim Duffy recently got McCool on the phone to find out what he sees coming down the pike.


You  face  renewed  competition  on  many  fronts 
and  the  core  technologies  continue  to  evolve. 
How  do  you  see  the  market  changing? 

It has always been a highly competitive market, and we have tried to set the pace through innovation focused on convergence of solutions over IP and the development of services on top of that. That strategy has not wavered at all.


For example, we integrated layer 3 technologies with layer 2 and showed the value to the marketplace. And we showed how we could integrate TDM networks with voice over IP and led in that architectural innovation. What has changed are the frontiers. There is the convergence of compute and storage transport

See Cisco, page 22


New-look 
Juniper 
unfurls 
wider  net 

BY  JIM  DUFFY 


JUNIPER NETWORKS’ announcements last week, billed as the most significant since its founding in 1996, included a sweeping array of software, silicon, systems and partnerships designed to take the company and its customers into the next decade of networking.

The big splash was staged on the 40th anniversary of the Internet’s birth, hosted by the New York Stock Exchange (Juniper’s most recent showcase account) and featured the unveiling of Juniper’s new corporate logo.

Why the makeover?

“It puts a stake in the ground for our vision for the next decade,” said Juniper CEO Kevin Johnson at the event. “We’re driving to a platform view that’s horizontal and open to integration: one platform with unlimited applications.”

With that, Juniper unveiled its new strategy for opening and licensing its JUNOS operating system to developers and partners. Juniper actually opened up JUNOS two years ago under its Partner Solution Development Platform (PSDP) program, and Cisco soon followed with a similar program for IOS.

See Juniper, page 17


Will  Smart  Grid 
power  IPv6? 

Modernization 
of  the  country’s 
electric  grid 
may  provide 
the  push  IPv6 
needs.  Page  14 


Risks  surround  Skype  for 
Business 

Want  to  use  Skype 
as  a  way  to  save 
money?  You 
might  want  to  wait 
until  the  courts 
settle  lawsuits 
swirling  around 
the  company.  Page  20 


Smarter  technology  for  a  Smarter  Planet: 

Thinking  outside  the  box 
depends  on  what’s  in  the  box. 

The  systemic  inefficiencies  in  many  server  rooms  today,  in  terms  of  both  energy 
consumption  and  utilization,  are  becoming  unsustainable.  It  isn’t  simply  a  question 
of  cost  —  it’s  also  about  maintaining  day-to-day  operations.  A  recent  study  found 
that  an  estimated  half  of  all  businesses  experience  IT  outages  due  to  power  and 
cooling  issues.1 

As  we  build  out  the  infrastructure  of  a  smarter  planet,  companies  need  to  consider 
not  only  how  much  power  is  under  the  hood  of  their  next  server  purchase,  but 
also  how  much  energy  will  be  consumed  to  provide  that  power.  That’s  where 
smarter  tools  like  the  IBM  BladeCenter®  HS22  come  in.  It’s  designed  to  give  you 
greater  efficiency  at  every  level,  from  its  highly  efficient  design  and  Intel®  Xeon® 
Processor  5500  Series  to  its  advanced  management  software  like  IBM  Systems 
Director  that  actively  monitors  and  limits  power  consumption.  All  of  which  can 
add  up  to  93%  in  energy  savings  over  the  previous  generation  of  rack  servers. 

Learn  how  you  can  see  a  return  on  your  investment  in  as  little  as  three  months2 
at  ibm.com/hs22 

Systems,  software  and  services  for  a  smarter  planet. 
Source: IDC Market Analysis #215870, Volume 1, December 2008, Worldwide Server Energy Expense 2008-2012 Forecast. Return on investment and power savings calculation based on 11:1 consolidation ratio scenario of 166 Intel 1U 2 socket servers to 14 BladeCenter HS22 servers and savings in energy costs, software license fees and other operating costs. Actual costs and savings will vary depending on individual customer configurations and environment. For more information, visit www.ibm.com/smarterplanet/claims. IBM, the IBM logo, ibm.com, BladeCenter, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at www.ibm.com/legal/copytrade.shtml. Intel, the Intel logo, Xeon and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the United States and other countries. © International Business Machines Corporation 2009. All rights reserved.
...IT’S RCN METRO

The  Smarter  Choice 


In  an  Unpredictable  World, 

You  Need  a  Network  You  Can  Count  On. 


RCN  Metro  provides  highly  reliable,  customized  communications 
solutions  for  your  most  important  business  needs.  No  other 
provider  can  match  our  network  diversity,  award-winning  service 
and  industry  expertise. 


Our  customers  wisely  stake  their  reputation  on  us  every  day. 


We  think  you  should  too. 




For a better way to communicate, call us 888-955-6875. We’ll provide you with a FREE consultation and help you identify ways to improve your current communications service. www.rcnmetro.com
Happy 40th birthday, Internet


The Internet was born 40 years ago Oct. 29 when UCLA computer science professor Leonard
from a host computer
3M’s MPro120 Pocket Projector fits in the
Facebook revamp brings dead to life


Facebook fielded the usual barrage of negative comments when it recently made over its homepage, but one unexpected complaint had to do with the profiles of dead acquaintances automatically showing up in the new Suggestions field on the page. Facebook made the best of an awkward situation, though, by alerting users that they can now memorialize/archive the profiles of dead loved ones, a move that can also prevent the profiles of the dead coming to life on others’ pages.


Novell-SCO  court  battle  goes  on  and  on 

Novell is seeking a 90-day stay from a federal appeals court so it can petition the U.S. Supreme Court to review a decision in its ongoing case against SCO that reversed a ruling affirming Novell’s ownership of Unix copyrights. Novell has asked the 10th Circuit Court of Appeals to stay until Jan. 18, 2010 the court’s 54-page decision in August that included a reversal of a 2007 summary judgment that found Novell was the owner of Unix and UnixWare copyrights. That decision was made by Judge Dale Kimball of the U.S. District Court for the District of Utah. Novell reported that it had contacted SCO’s lawyers, who said they object to the stay.
PEERSAY


The  electric  industry 
should  keep  it  simple 

Re:  Q&A:  Why  IP  is  the  right  choice  for  Smart 
Grid  (http://tinyurl.com/yjmrenq): 

Do we really need to replace all the existing (150 million) meters with what the industry is calling Smart Meters (wireless no less)??

What the electric industry wants here is to monitor/report on and control what goes into the home via the meters. What we really need is a series of simple programmable devices that operate in the home connected to the big user appliances and allow the end user (and this is key) the ability to remotely access/manage and control these devices. The Internet can allow this today with a proper remote access and control service.

By doing that the electric utility can gain access to their meters via these devices and the customers’ in-home (IP) broadband data networks (DSL/cable modem or Ethernet FTTH services).

Meter reading does not help anyone manage their consumption, other than the utility. We need to allow both parties to access and control their consumption.

The IP standard is in place today or can be made available with future IP wireless networks to allow all the above to happen.

jimA. 

Verizon  coverage  could 
suffer  with  Android 

Re:  Motorola  Droid  vs.  Apple  iPhone  3GS:  finally, 
a  contender?  (http://tinyurl.com/ygxuaud): 

Verizon makes all these wild claims about coverage, and about things like multitasking. What they can’t claim is the investment made in a little thing called tower backhaul capacity. Simply stated, that’s the pipe from the cell tower to network core, and Verizon is behind AT&T in upgrading theirs.

Why does this matter? Complaints about AT&T’s network are mostly based on speed and dropped calls — and most of that is due to the tremendous increase in network utilization brought about by the iPhone. Verizon still has a heavily voice-oriented network that, if Android is a hit, will make AT&T’s problems pale by comparison.

panzrwagn 

Microsoft  can’t  halt  the 
evolution  of  open  source 

Re:  Microsoft  Linux:  Why  one  free  software 
advocate  wants  it  (http://tinyurl.com/yhqqtfz): 

In my opinion, in post-Gates and post-Ballmer times, Windows will become Microsoft’s byproduct. Microsoft will become a hardware rather than a software producer. A new generation will be more, say, open-minded (pun intended).

The evolution towards open software and Linux can be slowed, but cannot be stopped. People stay with Windows, not because it would be better, but merely because they are used to it.

This is changing, however; an increasing number of people have at least heard of Linux and are even interested in it, and are curious about this free (as in free beer) and virus-free operating system.

Free as in free speech is less important to Average Joe, who thinks about his wallet, but the result will be the same. Moreover, kids grow up with computers: to them, in time, Linux will be as obvious as Windows.

GeertBachot 

The  problem  with  Windows  is  there  is  too  much 
old  code.  Microsoft  could  fix  all  of  the  problems 
with  Windows  by  starting  over  and  using  the 
lessons  they  have  hopefully  learned  in  the  past 
years  to  build  a  new  version  of  Windows  that 
is  better  than  their  current  offerings.  Sadly,  it 
doesn’t  appear  that  they  are  interested  in  fixing 
anything ...  or  they  would  have  done  so  by  now. 

If they built Microsoft Linux, it would be horrible 10 years from now too because they don’t put much effort into fixing current problems. I’ve used Linux since 2001, and won’t use anything else, but I wouldn’t bother using any distro that Microsoft released because of their track record.

IanM. 


One-Day IT Event Coming to a City Near You!

IT Roadmap CONFERENCE & EXPO

■ 10 IT tracks; Vendor Expo; Peer Case-Studies
■ Feature sessions include: Security; WAN Services; Network Management; Virtualization; Data Centers; SaaS; Green IT; UC; VoIP; Mobility; Application Delivery
EXECUTIVE VIEWPOINT


Counting Up End User Benefits of Desktop Virtualization

‘Game-changer’ solution gives users the control they want.


Gordon Payne, SVP, Citrix Systems, Inc.

Payne is the senior vice president and general manager of the Desktop Division for Citrix, a $1.6B leader in virtualization, networking and cloud computing. A seasoned industry veteran in IT infrastructure, he provides product leadership with a focus on identifying new market opportunities and creating desktop virtualization product solutions for Citrix customers and partners.


With all the attention IT is paying to desktop virtualization these days, you may well expect end users to ask, “What’s in it for us?” The answer is “plenty,” according to Gordon Payne, senior vice president of the Delivery Systems Division at Citrix Systems, Inc. Among the benefits are better performance, self-service and improved productivity.

How does desktop virtualization improve the performance of users’ desktop and laptop machines?

The best experience you have with your PC is generally on day 1, when you take it out of the box. As you use the machine—loading software, changing settings and the like—its performance starts to degrade. About two years in, you’re getting frustrated and want to reimage it or get a new machine. It’s a different story with desktop virtualization. Every single time you log into a desktop session, you’re getting a brand-new operating system and the most current versions of your applications, all with the latest patches and updates. It’s like a day 1 experience every time you start your desktop.

What are some important considerations in ensuring that users have a good experience with desktop virtualization?

When you’re delivering desktops and applications across a network, providing a high-definition experience is about protocol efficiency. That’s something Citrix has been focused on throughout its 20-year history, and our Citrix HDX technology is the latest example. It’s fairly simple to deliver a great user experience with 10 Mbps of bandwidth per user. But the real challenge is to deliver that experience with a small amount of bandwidth, because if you’re delivering to 50,000, 100,000 or 200,000 users, that’s what you’ll need to do. Or when your users are on the road, whether across the country with a 200-millisecond delay or on an airplane using WiFi, companies need to deliver that great user experience with very low bandwidth, and that’s what HDX is all about.

What are some of the keys to enabling network managers to deliver that kind of performance?

It’s a matter of applying the right combination of technologies for each specific user situation and application. Those technologies may include load balancing, HTTP compression and dynamic content caching, for example, all of which are included in the Citrix NetScaler application delivery controller. NetScaler also includes an end user experience monitor that enables network managers to measure the performance of each application from the end user perspective, so they get a real-world picture of response time and overall performance.

How does desktop virtualization help meet user expectations about the “consumerization” of IT?

As you deliver applications on a self-service basis to users, they get control. They can pick and choose the applications they need in order to do their jobs and add and remove applications on the fly. It’s much like the experience of going to Google and choosing the applications you want or downloading music and videos from iTunes. That’s the experience that workers, especially the so-called millennials who are now entering the workforce, increasingly expect from corporate IT, because they’re so used to it in their everyday lives. Giving that control to users makes them happy.

Consumerization also gets at the idea of freedom of device: enabling users to choose whatever computing device they like. How does desktop virtualization address that issue?

We have a component called Citrix Receiver that enables IT to deliver a solution that’s tailored for each device, whether it’s a PC, Mac, Windows Mobile device, iPhone, BlackBerry—you name it. Each application feels native to the user’s chosen environment, so all the gestures I use on an iPhone, for example, work as expected. If IT can deliver everything as a service but it feels like the default world to the user, that’s a beautiful thing.


FOR MORE INFORMATION: please visit http://www.virtualizationvision.com/nww
BLOGOSPHERE

■ Networks and the pandemic. Network World blogger Jim Frey was talking with a colleague about the potential impact of H1N1 and business continuity planning, and in particular the impact on network operations. He saw an article on the topic, in which the U.S. Federal Government Accountability Office has made pronouncements about how the Internet might be affected. At first you might wonder what a healthcare issue would have to do with IT. Well, it’s clearly more than just the health of the IT staff or the health of the user community. As with any business continuity issue, planning for a pandemic situation means planning to accommodate a significantly larger remote access population than normal. You need to make sure that you have the access technology in place for IT end users to reach and use the applications they need without being attached to the campus LAN. Most shops have this figured out already. Next, your remote access infrastructure must be able to scale substantially. This means having sufficient bandwidth within your Internet access links, your VPN concentrators, firewalls and so on. Not everyone has this figured out, or at least not to the scale of a pandemic situation. More commonly in place are plans that will handle worker dislocation on a site-by-site basis. http://tinyurl.com/yk6q2qj

■ Windows 7 installation nightmares: should you wait until SP1? Network World’s Microsoft Subnet reported that Gartner declared enterprises needn’t wait for Windows 7 SP1. But over the weekend, the Microsoft help forums were flooded with questions and complaints from users having installation problems. Two were most reported by the press: an issue that caused some computers to continuously reboot and an issue that made the operating system refuse to acknowledge the product key from software purchased from big-name retailers. It all adds up to the big question for enterprises — should you wait for SP1 before even contemplating a Windows 7 cutover? I had previously assumed the answer would be “no.” Windows 7 is really an upgrade to Vista and even so, seemed to be the most tested desktop operating system Microsoft ever produced. Microsoft issued I-don’t-know-how-many beta versions to thousands upon thousands of users. Plus, the Gartner analyst who said there was no need to wait for SP1 points out that Microsoft now rolls out continuous software updates. Microsoft says that most of these installation problems are isolated instances. Let’s point out, too, that most of the problems being reported by users are from consumer-oriented editions such as Windows 7 Home Premium 32-bit. http://tinyurl.com/ylkqwwx
IDG News Wire

Sneak Peek at Motorola Droid

Motorola unveiled the Droid mobile phone last week, the first Android-based phone offered by Verizon Wireless and, according to the companies, the first smartphone powered by Android 2.0.
http://tinyurl.com/yh4fcjx


IDG News Wire

Tokyo Geek Tour

Hiroko takes Nino, the producer of Akibatteru’s German edition, on a tour of Tokyo. They check out the Kotobukiya toy and figure shop, Super Potato, Yoyogi Park and Shibuya.

http://tinyurl.com/yf3g4ef


IDG News Wire

Toshiba’s fuel cell gadget charger

The direct methanol fuel cell charger is a first-of-its-kind device from a major consumer electronics maker. It was launched in late October in Japan.

http://tinyurl.com/yjzsper
Wireless helps hone data center efficiencies


WIRELESS: Enterprise efforts to consolidate data centers and install virtualization software are taking a big bite out of the number of power-hungry application and storage servers required to support enterprise data. But after taking this critical first step, what else can you do to boost efficiency? You can move from hatchet to scalpel. In this instance, the reference means that once you’ve minimized your number of power-sucking devices, it’s time to precisely monitor and measure data center environmental metrics so that you know exactly what adjustments are needed to optimize efficiency. These metrics, of course, are electrical power, heat, airflow, cooling, temperature, humidity and pressure levels. Having visibility into them on a device-by-device basis reveals the degree to which they are in sync with each equipment manufacturer’s recommended specifications for optimal operation. “It’s hard to improve power and cooling efficiency if you don’t know where the waste is in the first place,” says Nik Simpson, senior analyst in Burton Group’s data center strategies practice. Let’s face it: it’s far easier and less expensive to mount wireless sensors than wired ones. Not needing cabling lets sensors live in many more places, so you can see a more complete and fine-grained lay of the land and make precise, appropriate adjustments.

http://tinyurl.com/yzyy339

IDENTITY MANAGEMENT: It is time to move the discussion past authentication. We seem to have been stuck there for the best 10 to 12 years. In that regard, Kuppinger’s posting seems a good place to jump start the discussion. He writes: “XACML (extensible Access Control Markup Language) gains an increasing attention as one of the core standards in the field of information security and thus IT security. Whilst standards like SAML (Security Assertion Markup Language) address the problem of authentication, XACML is about authorization — the more complex threat.” A couple of years ago I advocated moving away from authentication discussions slowly, that until we were sure who was logging in discussions of what they could access was merely academic. Now it’s time to move on. I may, in fact, have denigrated the possibilities of XACML. I’m still not sure it’s the best we could do but — similar to my thoughts on PKI — it’s the best we can do right now. http://tinyurl.com/yhhjby2


10  NOVEMBER  2,  2009  www.networkworld.com 


OPPORTUNITY 


While  today’s  economy  may  be  challenging,  it  may  also  be  an  opportunity 
Motorola Droid vs. Apple iPhone 3GS: Finally, a contender?

Last week’s formal unveiling of the Motorola Droid smartphone on Verizon’s network is the boldest, most open iPhone challenge yet. The Droid handset is almost exactly the size of Apple’s wildly successful iPhone, but with a sliding QWERTY keyboard. And it’s the first smartphone to run the new Android 2.0 operating system. The launch event underlined the conviction, or at least the hope, of Motorola and Verizon that cutting-edge, Android-based wireless devices can challenge the iPhone for a big chunk of the still-nascent U.S. market for cellular data. The iPhone has been unexpectedly successful in the enterprise as well, with one recent study finding that nearly one-quarter of its enterprise respondents were supporting the phone. Android will find it tougher going, at least initially. http://tinyurl.com/yg4ucar


Internet phone systems become the fraudster’s tool. Cybercriminals have found a new launching pad for their scams: the phone systems of small and midsize businesses in the United States. In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords. VoIP hacking is “a new frontier in the crossover world of telecom and cyber [crime],” said Erez Liebermann, assistant U.S. attorney for the district of New Jersey. “It is an ongoing threat and a serious threat that companies need to be worried about.”
http://tinyurl.com/ygew92q

Microsoft cleans up bugs. After releasing its largest-ever group of security patches three weeks ago, Microsoft has done a little cleaning up. Last week the company re-released two security updates and issued a workaround for a Windows CryptoAPI patch that caused Microsoft’s own instant-messaging server to crash. The MS09-056 update disables several services that Communications Server needs in order to operate. Another buggy patch fixed was the MS09-043 Office update, first released in August. This was apparently misconfigured so that customers who use Microsoft update tools such as Windows Server Update Services were given bad scan results. Customers who use Microsoft’s tools may believe they’re fully patched, when in fact they’re not due to this bug, said Eric Schultze, an independent security consultant. http://tinyurl.com/ykxgx9m

Cisco puts up $183 million for ScanSafe. Cisco has announced plans to buy privately held ScanSafe, a maker of software-as-a-service Web security services, for $183 million. The ScanSafe acquisition dovetails with Cisco’s purchase of on-premise Web security appliance maker IronPort. With these two deals, Cisco will have SaaS and premises-based Web security offerings. “Cisco made a big bet on IronPort back in 2007, but the last major rev of that platform in March — unveiling Cisco IronPort Hosted Email Security — suggested that the company still had a long way to go before it would have a SaaS version of that platform that could compete with the top tier messaging SaaS vendors,” said Paul Roberts, an analyst at The 451 Group. http://tinyurl.com/yz4y9u5

ICANN approves internationalized domain names. Starting in mid-November, countries and territories will be able to apply to show domain names in their native language, a major technical tweak to the Internet designed to increase language accessibility. Currently, domain names can only be displayed using the Latin alphabet letters A-Z, the digits 0-9 and the hyphen. Last week the Internet’s addressing authority approved a fast-track process for applying for an internationalized domain name and will begin accepting applications on Nov. 16. The move comes after years of technical testing and policy development, said the Internet Corporation for Assigned Names and Numbers. One of the primary concerns with implementing IDNs is the security and stability of the DNS. http://tinyurl.com/ylqdx52

EMC teams with Intel for power-efficient cloud storage. EMC is working with Intel on a more energy-efficient version of EMC’s Atmos cloud storage system that should be available in the second half of next year, the companies said. EMC can do some things to make Atmos more power-efficient, such as turning off disks when they are not in use. “But we do not right now have the ability to manage power at the server level,” said EMC executive Michael Feinberg. EMC hopes to release a version of Atmos that will be able to do just that, using Intel power management tools that are supported by its 5500-series Nehalem processors. The Nehalem chips work with Intel’s Node Manager tool, which can turn down the clock speed of its chips when they don’t need to work at full capacity. They also work with its Data Center Manager software.
http://tinyurl.com/ylqv7vf

High-tech talent set to fly. High-tech workers who endured cost-cutting measures such as salary reductions and added workloads will be looking for new jobs as an economic recovery gets underway, according to new research. Employees who spent the past year cutting costs and working more will feel “disengaged and disenchanted” with employers, says Caroline Simard, director of research and executive programs at the Anita Borg Institute. Putting companies more at risk is the fact that their remaining tech specialists hold more knowledge than they did during better economic times when more job roles overlapped, Simard says. “The more employees companies had to lay off, the more likely those who are left hold more critical knowledge core to their business.”
http://tinyurl.com/yzlb386

US-CERT moves in with NCC, NCSC. The
group responsible for coordinating U.S.
responses to cyber threats is getting new digs.
Department of Homeland Security is moving
to a “unified operations center” in Arlington,
Va., that will be home to the U.S. Computer
Emergency Readiness Team. It will also house
the National Coordinating Center for Telecommunications
and the National Cyber Security
Center, which coordinates between agencies
such as the National Security Agency and the
Federal Bureau of Investigation.
http://tinyurl.com/yz6nol7
Cisco develops the Borderless Network
Architecture to ensure enterprises can
support the growing demands for user
location- and device-independence

Users are clamoring for connectivity.

It doesn't matter where they are, what device they're using,
or what applications they want to access, they simply
want in—and without worrying about bringing the corporate
network to its knees or a lapse of security.

At the same time, users are becoming more multimedia-savvy
and social by nature. That portends skyrocketing
amounts of video and interactive user content on the
corporate network.

Running for the hills might be your reaction to these
mounting pressures. Or, you could go borderless.

In fact, going borderless is the only way to handle
the challenges effectively, says Marie Hattar, vice
president of network systems and security solutions
at Cisco Systems.

As Cisco defines it, the borderless network is a platform
for enabling customers to connect anyone, anywhere,
anyplace and anytime in a seamless, reliable and secure
fashion. Toward that end, Hattar says, Cisco is delivering a
set of technologies across its core networking portfolios:
routing, switching, wireless, security and WAN acceleration.

"The borderless network is realized by a set of user services
providing borderless security, mobility and performance,"
Hattar says. "Complementary network services
provide the connections—systems if you will—that enable
that user experience. These network functions can be
identity-based components, location, energy management
or media assurance for video delivery, for example."

BORDERLESS BUT SECURE

As you consider the borderless network concept, think about
life without a perimeter delineating the internal from external.
You no longer have to worry about where an application
resides. Rather, you can deliver applications from anywhere—
your data center, the public cloud or a hybrid of the two.

Likewise, users do not have to move through a border
checkpoint to gain network entry.

But rest assured, Hattar says, the borderless network is
not about getting rid of security policy. "We're not proposing
that you eliminate security borders but rather the barriers
that borders present. This is about making borders
so transparent that you can cross them at any location
and not know or be impacted from a business productivity
standpoint that borders are there," she explains.

MOBILITY, VIDEO AS DRIVERS

As much as security defines the borderless network and
necessitates this transformation, so too do mobility and
video, Hattar adds.

"The ability to take mobility and location and then integrate
security, no matter where you are and what device you're
on, is the hallmark of how the borderless network will
deliver seamless application access," she says.

But perhaps the biggest challenge for today's networks is
video, which some analysts expect will make up 90 percent
of all consumer Internet traffic in three years. That means,
organizationally, you need to be able to embrace video
today—and the borderless network is tailored for that.

Think of it this way, Hattar says: "The borderless network
platform not only will enable video and other next-generation
applications from a performance perspective,
but also let IT scale those applications across location and
device as it ensures reliable, secure experiences."

Knowing that an influx of new application demands will
inevitably hit your already-strained network, now is the
time to get started architecting for the borderless network.
"The only way of addressing that challenge on a permanent
basis that will result in better business benefits is to
deliver a borderless network," Hattar says.

Read expert blogs, download white papers and watch videos at
the Masters of Borderless Networks site on Networkworld.com:

www.networkworld.com/community/borderless_networks.
Will Smart Grid power IPv6?

Billions invested in ‘smart’ meters, sensors could spark demand

BY CAROLYN DUFFY MARSAN

Could Smart Grid, the Obama administration’s
effort to modernize the
nation’s electric grid, be the killer app
for IPv6?

That’s what Internet engineers are
asking as they see billions of dollars in stimulus
funds pumped into smart electric meters, automated
utility substations and new sensor networks
— all of which could take advantage of the
abundant address space and built-in security
offered by IPv6, the long-anticipated upgrade to
the Internet’s main communications protocol.

The  White  House  announced  last  week  that 
it  had  awarded  $3.4  billion  in  stimulus  grants  to 
electric  utilities  to  support  100  modernization 
projects.  The  government’s  Smart  Grid  grants 
are  being  matched  with  private  sector  funds  for 
a  total  investment  of  more  than  $8  billion  over 
the  next  three  years. 

Federal  officials  say  Smart  Grid  will  support 
Internet  standards. 

At issue is whether Smart Grid will support
the current Internet architecture, which is
built upon IPv4, or whether it could help drive
adoption of the next-generation Internet standard
known as IPv6 in corporate and home
networks.

With  IPv4  address  space  exhaustion  looming, 
Internet  experts  say  it’s  critical  for  Smart  Grid 
projects  to  embrace  IPv6. 

“If Smart Grid is going to be successful, it will
support tens of millions of devices or potentially
hundreds of millions of devices. We don’t have
that much IPv4 address space left for that project,”
says John Curran, president and CEO of the
American Registry for Internet Numbers, which
doles out IPv4 and IPv6 address space to ISPs.

Curran  says  utilities  could  use  private  IPv4 
addresses  hidden  behind  network-address 
translation  (NAT)  boxes  for  Smart  Grid  projects, 
but  that  this  approach  is  more  complicated  and 
has  a  greater  risk  of  error  than  if  utilities  use 
IPv6,  with  its  plentiful  publicly  visible  address 
space. 

Because IPv4 addresses are scarce, companies
often use NAT devices to share a single
public IPv4 address among dozens or hundreds
of systems that use private, often duplicated
IPv4 addresses. These private IPv4
addresses cause problems if inadvertently
leaked across the public Internet by private
IP-based networks.

“If Smart Grid has to do an addressing plan
that handles issues of conflicts, NATs and running
out of address space, that makes their project
a lot harder,” Curran says. “It’s certainly more
straight-forward with IPv6.”


Smart Grid is a two-way data communications
system that will provide electric utilities
with real-time visibility and control of the electricity
used by customers. Having a Smart Grid
is considered vital to the development of renewable
energy sources such as solar and wind, as
well as plug-in electric hybrid vehicles.

“Smart Grid is all about delivering renewable
energy and being able to distribute renewable
resources. We want to have an architecture for
Smart Grid so that buildings with solar panels
and windmills can inject power into the grid,”
explains George Arnold, National Coordinator
for Smart Grid Interoperability at the National
Institute of Standards and Technology (NIST).

“IP and the Internet standards will be a protocol
of choice in the Smart Grid,” Arnold says.
“There may be specialized applications where it’s
not the right fit, and so we’re falling short of saying
IP has to be used everywhere.”

Arnold says he sees many benefits to Smart
Grid adopting IPv6 in the long term, but that
some utilities have forged ahead with modernization
efforts using IPv4.

IPv6 is “a no-brainer in terms of the direction
of Smart Grid,” Arnold says. “However, we also
have to support current technology. There are
meter manufacturers that are already using
IP, and they are using IPv4. We need to have a
strategy that leverages technology that is currently
available and evolves it into the long-term
vision.”

Internet  experts  warn  that  it’s  a  mistake  for 
electric  utilities  to  use  IPv4  in  their  Smart  Grid 
projects. 

“There are 150 million meters in the United
States. If you’re going to put an IP address on
every meter node in the U.S., you’re not going
to get them with IPv4,” says Richard Shockey, a
former NeuStar executive who runs a consulting
firm. “What the electric utilities have to understand
is that a lot of the standards they wish to
deploy on IP networks need to be properly reengineered
for IPv6.”

The Internet Engineering Task Force (IETF)
is hoping NIST chooses many of the group’s
standards, particularly IPv6, for Smart Grid.

Former  IETF  Chair  and  Cisco  Fellow  Fred 
Baker  has  written  a  document  that  identifies  the 
core  protocols  in  the  IP  suite  that  Smart  Grid 
projects  should  consider  using. 

“Some  views  of  the  Smart  Grid  would  have 
the  utilities  be  able  to  access  appliances  behind 
the  meter  and  talk  to  your  refrigerator,”  Baker 
says.  “If  you’re  going  to  do  that,  you’re  going  to 
need  more  IP  addresses  than  one  on  each  meter. 
That’s  one  place  where  IPv6  becomes  really 
important.” 

Another argument for IPv6 in the Smart Grid meter
interface is that utilities will likely use wireless networks
to communicate with thousands of meters through a
management gateway or router. “You need a protocol
where you can put that many devices in a subnet. It’s
possible with IPv4, but it’s easy with IPv6,” Baker says.

Baker recommends that
electric utilities always support IPv6 in their
Smart Grid projects, but that they also should
support IPv4 in the short term.

“IPv6 is honestly a better solution,” Baker says.
“If you’re putting 5,000 homes in a single subnet,
you can do that in IPv4, but I wouldn’t want to
try it.... We can do it in a simpler, more scalable
and more robust way with IPv6.”

Baker says some utilities plan to use private
IPv4 addresses for their Smart Grid projects,
assuming that these Smart Grid communications
will never touch the Internet. He says this is
a mistake because ISPs and Web sites regularly
run into problems when private IPv4 addresses
are accidentally exposed to the Internet.

“It’s  just  safer  for  the  utility  industry  to  have  a 
unique  IPv6  address  space,”  Baker  adds. 

Smart  Grid  is  on  a  fast  track  for  deployment, 
and  the  question  of  whether  it  will  embrace  IPv6 
should  be  determined  by  2010. 

The sheer size of the Smart Grid opportunity
has attracted the attention of the nation’s leading
network vendors. BCC Research predicts the
Smart Grid market will grow from $17.3 billion
in 2008 to $37.4 billion in 2014. Among the network
vendors that are eyeing this opportunity
are Cisco, IBM, Microsoft and Google.

Smart Grid “is huge,” Shockey says. “This is
the biggest reengineering of a data communications
structure outside of a telco that I’ve seen in
the last 15 years.”

That’s  why  Shockey  and  others  are  hoping 
Smart  Grid  will  help  drive  IPv6  deployment.  ■ 
Juniper, from page 1

But  the  new  Juniper  push,  called  JUNOS 
Space,  is  intended  to  demonstrate  the  number  of 
diverse  application  and  platform  opportunities 
for  the  Juniper  operating  system. 

“The API is the same. They’re bringing it forward,
re-explaining it,” says Eve Griliches, an
analyst at IDC. “It’s a larger marketing push [to
attract] newer, additional platforms,” she says,
likening it to Apple’s application recruitment
drive for its iPhone.

Licensing JUNOS code, however, is new and is
an effort to drive JUNOS into key markets where
it can head off Cisco. Blade Network Technologies,
a maker of blade server switches for data
centers, is the first recipient of a JUNOS license.
This will enable Juniper, Blade and data center
partners such as IBM to offer a single rack-to-core
operating system for the data center and
block Cisco from grabbing more of the blade
server switch market, says Vikram Mehta, Blade
president and CEO.

Anything would be helpful. Juniper, which
entered the Ethernet switching market in 2008,
had a 1.1% revenue share of the $3.8 billion market
in the second quarter of 2009, compared with
Cisco’s 66.7%, according to Dell’Oro Group.

Partners that are building applications based
on JUNOS software include Active Broadband
Networks, Ankeena Networks, Harris Stratex,
Packet Design, Q1 Labs, Telchemy, Telecom Italia
and Triveni Digital.

Juniper’s hardware refresh

Juniper is also fortifying its hardware to gain
more share in service provider edge routing,
among other markets. The company rolled
out a new generation of processors, called Trio,
designed to massively scale the edge of the service
provider network. It also introduced new
MX-series Ethernet edge routers with “3D” scaling
of bandwidth, subscribers and services.

In  this  market,  Juniper  is  still  chasing  Cisco 
but  is  now  essentially  tied  with  Alcatel-Lucent 
for  second  place  with  19%  revenue  share  of 
the  $1.2  billion  market  in  the  second  quarter. 
Alcatel-Lucent  has  the  momentum,  with  11% 
growth  from  last  year  compared  with  Juniper’s 
14%  decline  and  Cisco’s  38%  drop,  according  to 
Dell’Oro  Group. 

The 3D technology, however, will give the
MX series a fourfold performance increase over
Cisco’s ASR9000 and more than twice that of
Alcatel-Lucent’s 7750 services router, says Kim
Perdikou, executive vice president and general
manager of Juniper’s Infrastructure Products
Group.

Juniper  also  hopes  the  technology  will  raise 
its  fortunes  in  wireless.  At  last  week’s  event, 
Juniper  disclosed  Project  Falcon,  an  initiative 
to  develop  products  for  the  mobile  packet  core 
and  subscriber  management  of  4G  networks,  as 
well  as  “universal  edge”  applications  integrating 
wireline  and  wireless  networks.  This  attempted 
to  clarify  Juniper’s  position  in  this  market  after 
losing  partner  Starent  Networks  to  Cisco,  which 
is  buying  the  company  for 
nearly  $3  billion. 

Lastly, Juniper provided an update on its Stratus
cloud computing project that included three steps to
cloud-enable a data center: simplify the environment
through a unified fabric managed as a
single switch; share resources through virtual
partitioning and VPLS; and secure the environment
with security policies based on the new
JUNOS Space platform and enhancements to
Juniper’s SRX Services Gateway.

More  meat  wanted 

Still,  Juniper  did  not  disclose  deliverables  for  the 
Stratus  or  Falcon  projects.  And  attendees  were 
still  clamoring  for  more  meat  from  the  event, 
which  seemed  fixated  on  sweeping  technology 
advances  rather  than  specific  solutions  for  key 
markets. 

“There are no details on the data center side,”
says Zeus Kerravala of the Yankee Group. “How
are they going to play in the converged data center?
How do they address that aside from the
loose IBM, Dell OEM deals? They need to put
some meat on the bones.”

One of the omissions from the prepared
remarks was a Fibre Channel over Ethernet
(FCoE) strategy. (FCoE is regarded as the quintessence
of a unified data center fabric.)

However, Andy Ingram, a vice president
in Juniper’s Fabric and Switching technology
group, later said that an FCoE strategy will be
forthcoming. It will combine organic development
with partner contributions. But he added
that the economics of FCoE — its Converged
Network Adapters cost twice as much as Fibre
Channel Host Bus Adapters, which cost two to
four times as much as Ethernet network interface
cards — don’t currently make sense.

Still, customers may want a more definitive
road map, analysts say.

“The problem is ... there are no [Juniper] products
today to help the data center,” says Cindy
Borovick, a data center analyst at IDC. “But customers
are making their investments now.”

Borovick says Juniper’s data center strategy
is targeted at large content sites that deploy
network-attached storage connectivity rather than
Fibre Channel. She notes, though, that Juniper’s
exclusive agreement to license JUNOS to Blade
does provide a blade switch strategy and offers
another avenue for JUNOS to be embedded in
data centers.

Highlights of Juniper’s biggest announcement ever

New hardware, software and renewed alliances

Juniper Networks ushered in its New
Network initiative at the New York
Stock Exchange last week. Here are
the essentials:

■ New cards, applications and
aggregation routers for the Juniper
MX series.

■ JUNOS Space, an SDK for writing
applications for Juniper devices.

■ JUNOS Pulse, a unified client for
network access control based
on user identity and location.

■ Blade switches based on Juniper’s
JUNOS operating system to be
developed by Blade Network
Technologies.

■ JUNOS Trio silicon, the first in the
new family of Junos One chipsets
that supports 2.6 terabits per second
throughput.

■ IBM will OEM Juniper’s SRX
service gateways.

Juniper’s  broad  brush  stroke  may  be  intended 
to  avoid  the  perception  that  it  is  responding  to 
trendy  new  markets  with  point  products. 

“They  don’t  want  to  be  perceived  as  going 
down  rabbit  holes,”  says  Ron  Westfall,  research 
director  at  Current  Analysis.  “But  one  item  not 
addressed  is  that  Cisco  outsells  them  despite 
the  technological  differentiation.  How  are  they 
going  to  improve  in  the  field  sales?” 

At  least  one  high-profile  customer  doesn’t 
seem  too  worried  about  the  specific  gaps  still  to 
fill  in  Juniper’s  strategic  direction. 

“It’s clear they aim to be a leading provider
of network solutions, like we are [a leader] in
our industry,” says Duncan Niederauer, CEO
of NYSE Euronext. “This is about our business
models converging, our partnership is just
beginning. Juniper was the right company to
work with.” ■


SPECIAL FOCUS: VOIP FOR BUSINESS

Skype for Business too risky?

Pending lawsuits make corporate Skype Internet services a risky business

BY TIM GREENE

If you’re thinking about using Skype for Business as a way to save money,
you might want to put it off until the courts settle lawsuits that swirl around
plans to sell the company. That’s the advice of Irwin Lazar, an analyst
with Nemertes Research, who otherwise regards the company’s enterprise
offering, Skype for Business, as a viable way to save on long-distance
calls. “Skype’s future is very much in doubt,” he says. “I would wait at least six
months or a year for the legal wranglings to work themselves out.”


Skype for Business: pros and cons

Skype for Business ties peer-to-peer VoIP from Skype in with PBXs
to offer cost savings and features, but it doesn’t come without some
risks, as outlined here.

Pro

Reduces need for 800 numbers.

Enables customers to call directly from company Web sites.

Lowers long-distance bills.

Operates in tandem with other VoIP infrastructure.

Con

Inbound callers must first download Skype.

Call quality relies on the Internet.

Use may require local network upgrades to ensure performance.

Lawsuits threaten the service short-term.


Skype’s founders want to buy it back from
eBay and have filed lawsuits that could jeopardize
use of essential code that the founders
still own. Without the code, the risk of
Skype for Business being disrupted is serious
enough that customers should beware of relying
on it, Lazar says.

Legal uncertainties aside, Lazar says Skype
for Business is a significant opportunity to
reduce long-distance costs. Any of Skype’s 521
million users can call a Skype-enabled business
and customers for free, helping to control
costs for contact centers or remote corporate
employees, he says. The service can also complete
calls to non-Skype numbers using the
Internet as a long-distance backbone and
then dropping calls off at local public phone
exchanges for completion.

A range of VoIP and IP video vendors support
Skype, making it simpler for their customers
to integrate Skype with the vendors’
commercial offerings. These include Cisco,
ShoreTel, SIP Foundry (part of Nortel) and LifeSize,
and there are talks with Alcatel-Lucent
and Microsoft, says Stefan Oberg, general
manager and vice president of Skype for Business.
Since LifeSize is a telepresence vendor,
this relationship suggests future video integration
with Skype.

Skype certification means customers of
these vendors can receive and send Skype
calls via the certified gear. Inbound Skype
calls are free, and businesses can buy Skype
minutes to make outbound calls from phones
attached to the certified call servers. Calls are
carried between callers’ local Skype points of
presence to Skype POPs close to called parties,
eliminating long-distance charges, via a
service called Skype for SIP.

Skype for Asterisk is a separate program
that supports the same features through open
source Asterisk IP PBXs, plus it adds the ability
to call Skype names from the PBX. Skype has
also certified session border controllers from
Acme Packet that facilitate the interoperability
of IP PBXs with Skype’s network.

Skype for SIP is still in beta testing, a program
for which 9,500 businesses signed up
when it was announced in March, he says.

By receiving inbound Skype calls, businesses
can reduce their 800-number costs
because anyone with a Skype client or Skype
phone can contact the business for free, Oberg
says. Businesses can put a Skype calling button
on their Web sites, so people with Skype
who are browsing these sites click on the button
and are connected to the business via a
Skype call. He says a French insurance company
receives 10% of its customer calls via the
button on its Web site.

Hotels could use Skype for SIP for connecting
potential customers visiting their Web
sites to reservation agents. Once they make
reservations, they could give friends the
Skype name for the hotel so they could acquire
Skype clients and make free calls to the guests
during their stays, Oberg says.

Some businesses use consumer Skype clients
for business purposes even before the
service Skype for Business becomes generally
available by year-end.

Maxim Integrated Products, an analog
computer-chip maker in Sunnyvale, Calif.,
says it saved $90,000 over the past year with
an informal Skype program. The company
bought Skype’s all-you-can-use outbound
calling to the United States and Canada for
$30 per user per year for 2,000 users. The
company installed a Skype client on each PC
and issued a headset or USB handsets to the
users, says Walter Curd, Maxim’s CIO. They
don’t have to use it, but those who did saved
the company $150,000 in long-distance fees
in one year, a net savings of $90,000, he says.

Only 20% of the users use Skype heavily, he
says, and about 20% don’t use it at all, with the
rest using it sometimes. Most use it for talking
with fellow employees at other company sites,
he says.

Maxim beefed up the bandwidth on some of
its Internet connections to ensure they didn’t
affect Skype call quality, he says, but because
of lower pricing, that didn’t increase the cost to
Maxim. “The problem with Skype is the quality
of the internal network, not the quality of
the Internet,” he says.

Maxim’s primary phone system consists
of traditional Nortel PBXs, with Skype being
used as a supplement that adds desktop video
and instant messaging to the communications
mix, Curd says. The company uses Polycom
teleconferencing gear, but it requires scheduling
rooms to use it. “I can never get the room
for conferencing with my direct reports,” he
says. So he issued them desktop Web cameras
and videoconferences over Skype instead.

The  downside  is  that  Skype  drops  about  one 
in  50  calls.  “But  hey,  it’s  free.  Just  call  back,” 
Curd  says.  “You  complain  about  Skype,  but 
who  hasn’t  had  a  dropped  call  or  call  quality 
problems  on  a  cell  phone?” 

He  says  he  is  aware  of  the  lawsuits  against 
Skype  over  its  code.  “There’s  uncertainty.  The 
[suits]  could  in  effect  shut  them  down,”  he 
says.  “It  would  be  disappointing,  let’s  put  it 
that  way.”  ■ 
over IP. There is the focus on the integration of
wired and wireless technologies over switching
fabrics, and the integration of security that
comes with that. So, there are constantly new
ways to apply innovation.

HP and 3Com have stepped up their competitive
efforts, both of them pushing a value story,
and Juniper is making more noise in the data
center, what kind of market pressure is all of
this putting on you guys?

We’ve  seen  competitors  ebb  and  flow  in  terms 
of  their  focus  on  this  marketplace.  Certainly  we 
see  a  lot  of  competition  that  is  strictly  focused 
on  price,  and  while  that  is  one  important  part 
of  competition,  I  would  submit  that  value  has  a 
lot  to  do  with  your  ability  to  simplify  customer 
operations. 

Look  at  the  longevity  of  our  6500.  We  have 
had  multiple  product  transitions  within  that 
platform.  Customers  running  large  networks 
have  all  three  generations  of  that  product  and 
have  a  consistent  set  of  operations  across  them, 
have  the  ability  to  integrate  services,  and  that 
brings  tremendous  value. 


How  do  you  see  the  evolution  of  virtualization 
and  the  emergence  of  this  cloud  stuff  changing 
data  center  network  design? 

If you look at what we did with our Unified Computing System (UCS) and Nexus, we placed a big bet about four years ago that virtualization was going to be a very significant market transition and I think we called it right. It would have been easy to just continue the evolution of our 6500 family, but we felt strongly that we needed to look at how compute evolves to deal with virtualization, and how the network fabric and compute become very integral.

Now we’re seeing customers looking at Nexus as a way to scale virtual machines beyond the single server. They are starting to think, how can I scale this to a rack of servers, to multiple racks of servers, and ultimately, move virtual machines from data center to data center. Our own internal IT group is thinking about this technology as a way to migrate applications across a broad infrastructure — network, compute, storage — so they can take equipment out of operation without scheduling maintenance. That is a huge win.

The networks have to be designed to deal with virtual machine mobility in a fundamental way. So, how does my network policy migrate with those virtual machines? That is an architectural challenge that we have taken up with our Nexus 1000V. It can move with the virtual machine. All the [access control lists] and control points that our network administrators have come to trust in their physical designs now can be applied at the virtual machine level.

But  you  have  to  think  about  how  services 
connect  to  these  virtual  machines.  We  are  just 
starting  to  see  the  first  wave  of  this,  but  I  think 
this  is  going  to  be  a  huge  trend  for  the  next 
three  to  five  years. 

You  mentioned  UCS.  Give  us  the  elevator 
pitch,  why  should  Cisco  be  one  of  my  compute 
suppliers? 

A  lot  of  people  scratched  their  heads  and  looked 
at  this  as  yet  another  entry  into  the  blade 
market.  But  I  come  back  to  virtualization  being 
a  very  fundamental  shift.  We  think  the  existing 
blade  market  did  a  nice  job  on  what  I  would 
call  mechanical  innovations.  Improving  power, 
improving  cooling,  reducing  cabling,  etc.  But 
there  was  an  opportunity  to  take  that  a  step 
further. 

As you see the explosion of multi-core processors, the only way to take advantage of them effectively, without writing a lot of applications, is through virtualization. But the challenge becomes, what is the architecture of the I/O, the connection of those virtual machines on those servers to the network? That is basically a network problem and where we have provided some foundational innovation. The investment we made on Fibre Channel over Ethernet to converge the fabric with an industry standard approach, that was a key component of UCS. So, it fits into this entire network-based data center architecture that we have come up with.

Isn’t  it  harder  for  you  to  enter  computing 
than  it  is  for  the  big  computing  guys  to  add 
networking? 

It really depends on where you think the puck is going and if there is an innovation vector involved. If you believe that computing is Intel-based, commodity, white label things, you even question the value existing vendors bring. And maybe part of the market does go that direction. But if you look at what happened with blades in the last three to five years, people began to innovate in terms of the system architecture and, while we think that was a step in the right direction, we don’t think they went far enough.

We believe you can design systems and products that work better together, that are based on industry standards, that provide value to the customer and diminish the total cost of ownership, diminish the need for integration services at the product level, and allow the customer to spend service money on services that help integrate those products and systems into business processes. They don’t want to spend time and money just integrating 20 blades. They expect that to work out of the box. So that is the opportunity for Cisco.

I would contend that there are huge areas of networking that haven’t even been scratched by the system vendors coming into this space. Where is your BGP support? What is your IPv6 strategy? How are you dealing with MPLS, VPLS? Oh, by the way, there are new standards coming on layer 2 to deal with virtual machine mobility. This is a complicated space, and our customers’ networks range from modern day that were built in the last three years, through legacy networks that they built 10, 15 years ago and they are expecting technologies that can bring in, adapt, and migrate to over some period of time.

You  say  standards-based  and  when  we  asked 
HP  about  UCS  recently  they  called  it  “a 
closed  architecture  with  proprietary  compute 
technologies.” 

Let’s face it, all blade systems have been closed. IBM, HP, you buy the blade from that vendor and put it into their rack, right? And if you look at something like the HP C-series with virtual connect, even the network connection has been proprietary, and now you see HP respond with industry standard FCoE out of the ProCurve division. So what is the right architectural approach? It is posing a quandary for their customers.

Our architecture is based on a unified fabric. With a UCS system, you could take white label servers connected to FCoE, and have a consistent network-based architecture based on industry standards, IP, Ethernet. I don’t think the system suppliers are used to competing in an open-based market. They have a model that requires certification of storage technologies, applications over their closed systems. IP has always been based on open systems. You plug in a NAS device, a camera into IP, you expect it to work, right, whether it is my switch or someone else’s switches. This is a fundamental shift for the system suppliers.

It’s  hard  not  to  talk  about  all  this  without 
bringing  up  cloud  computing,  and  John 
Chambers  has  called  security  in  cloud 
computing  a  nightmare.  Do  you  have  any 
broad  architectural  initiatives  under  way  to 
address  this? 

Absolutely. We look at new challenges that come with transitions as an opportunity to innovate. In the physical world, what people do is bind their network configuration to their security solution. In clouds the binding of security policy has to be much more dynamic, be able to recognize application mobility, and we think that fundamentally fits into a network type of approach. If you think about routing, this is a distributed configuration type of problem. This challenge around mobility
and security lends itself to a network-based approach.

How  do  you  see  FCoE  ramping  up? 

The standard was ratified in June and industry support has been accelerating. There are two legs to this adoption journey. The first leg gets you 75% to 80% of the benefit of converging Fibre Channel over Ethernet between the server and the access switch. Our architecture connects servers to our Nexus 5000 access switch which in turn splits the Fibre Channel traffic to the traditional SAN devices through our MDS, and the IP traffic through our Nexus 7000. So, the majority of the benefit — the cabling benefit I just spoke of, the power reduction — all is in that first connection from the server to the switch.

The  second  leg  is  for  the  many  customers 
that  will  take  some  time  before  they  upgrade 
their  arrays  and  their  disk  storage  from  native 
Fibre  Channel  to  FCoE.  This  architecture 
allows  them  to  have  a  staged  migration  strategy, 
but  gets  huge  benefits  on  day  one. 

What  role  does  MDS  play  in  that  migration? 
How  do  you  migrate  the  installed  base  to  FCoE 
while  protecting  the  customer’s  investments 
in  MDS? 


As I said earlier, servers will be the first to move towards FCoE. Since not all customers will upgrade everything at once, they can then connect their existing MDS to our Nexus 5000 and keep their legacy storage arrays intact. So, MDS plays a critical role in maintaining the Fibre Channel storage-area networks in an enterprise, allowing customers to keep their existing Fibre Channel investment. The other thing unique about MDS is our platform strategy. Rather than upgrading to a new chassis every time we move from two to four to eight gig Fibre Channel, we can upgrade the existing chassis and protect that installed base. This is a very unique approach from what we see in the industry, and is something that has served us well in the IP world.

How  much  of  that  storage  connectivity  in  MDS 
will  be  subsumed  eventually  by  the  Nexus  line? 

I  think  you’re  poking  at  the  migration  time 
frame  from  Fibre  Channel  to  FCoE.  It  is  tough 
to  predict  how  quickly  this  will  migrate,  but  I 
do  see  the  growth  of  that  overall  market  in  the 
FCoE  component. 

Will  the  Nexus  eventually  assume 
all  of  the  capabilities  of  the  MDS  line? 

There will be customers who will look for pure Fibre Channel connectivity that we’ll provide in the MDS, and folks who will look for FCoE as we have provided in the Nexus 5000.

So,  will  MDS  be  around  as  long  as  native  Fibre 
Channel  is  around? 

We’re not going to predict life spans, but the exact same approach we took to the 6500, in terms of migration of incremental speed and incremental capability, that is our fundamental strategy on MDS, being able to continue to upgrade that product without chassis replacement.

Great.  Anything  in  closing? 

As we have gotten into a large number of market adjacencies, people have questioned whether we’ve lost our focus. I want to set the record straight: the foundation of our business is around routing and switching. As we get into things like connected real estate and digital signage, physical security, you look at these multi-million dollar opportunities and switching and routing is the core of everything we do and, fundamentally, we believe switching and routing is an innovation proposition. It is continuing to change. We have driven a lot of those transitions over a long period of time, and we feel we are extremely well positioned to continue that in the future. ■


RISK AND REWARD BY ANDREAS ANTONOPOULOS

Practical  identity  protection  you  can  use 


IS IT CHRISTMAS already? I’m beginning to receive informative e-mails about evil hackers who want to steal my identity during the dangerous (and ever lengthening) holiday season. As usual the advice ranges from lame to impossible.

I  am  advised  to  “avoid  giving  my  credit  card  online”  and  to  be  “careful 
when  banking  online”  and  to  use  random,  complex  passwords  that  I  never 
repeat  and  never  write  down.  So,  as  long  as  I  refrain  from  commerce,  stay 
indoors  and  have  a  superhuman  memory,  I  should  be  fine. 

I worry about identity theft and always take measures to defend my identity. So here’s some identity defense advice that’s actually practical:

■  Don’t  sign  credit  cards.  I  sign  mine  “See  ID”.  Why  give  a  card  thief 
my  signature  too?  It’s  easier  to  contest  a  charge  if  the  person  spoofing  my 
signature  has  never  seen  it  and  can’t  come  close  to  replicating  it.  It  almost 
backfired  once  in  a  taxi  in  Tokyo.  I  had  to  sign  the  credit  slip  as  Mr.  “See  ID” 
so  that  it  matched  the  card  —  but  it  worked. 

■ Safeguard your passwords. Don’t store passwords in documents or on paper. Use password “vault” software that implements strong encryption. An excellent, multi-platform and open source (free) choice is KeePass. Store passwords, account numbers, credit card numbers and so on in the password vault. Use the secure clipboard (which clears itself after 10 seconds) to copy the password into your application, thus never typing it for a keylogger to catch. Use the built-in password generator to create truly unique, random and strong passwords. Install on iPhone or BlackBerry for mobility.

■ Remove Personally Identifiable Information from your computer. Now that you’ve safely stored all your sensitive tokens in the password vault above, remove any traces from your computer. The University of Texas has provided the Sensitive Number Finder to help with this task. It’s a cross-platform free Java application that scans your hard drives for Social Security numbers, credit card numbers and such. I ran it for testing purposes, though as a security professional I was sure it wouldn’t find anything. Oops — what’s that? Social Security numbers in a 5-year-old tax return sitting there unencrypted?

■  Encrypt  your  hard  drive.  Use  the  built-in  operating  system 
encryption  (on  Windows  or  Mac),  or  a  third-party  solution  such  as  the 
excellent  TrueCrypt.  This  won’t  protect  against  Trojans  or  keyloggers  but 
it  will  offer  peace  of  mind  if  you  leave  your  laptop  in  a  taxi. 

■  Freeze  your  credit  report  at  all  three  agencies  (Equifax,  Experian, 
TransUnion).  You  will  have  to  unfreeze  it  before  seeking  new  credit,  but 
who  said  “convenience”  should  be  the  rule  with  credit?  I’d  rather  have 
inconveniently  secure  credit. 

■  Buy  a  credit-monitoring  service.  I  prefer  not  to  give  more  money 
to  the  credit  agencies  that  created  much  of  the  identity  theft  problem  in  the 
first  place.  Identity  Guard  is  a  great  choice  for  me. 

■ Buy insurance and remediation for identity theft. Monitoring credit reports is not enough. Remediation is a pain and costly. Many services (including Identity Guard) offer insurance against losses and assistance with repairing your credit file. A $1 million loss guarantee helps me sleep better.

Defending your identity does not mean hiding under a rock and shopping only by barter (a goat for my eight oranges). The practical solutions outlined here are not too expensive (about $150 a year). They are effective and can be implemented by anyone with just a bit of technical skill. ■

Antonopoulos is a senior vice president and founding partner at Nemertes Research, an independent technology research firm. He can be reached at andreas@nemertes.com.
TECH UPDATE

An inside look at technologies and standards

Considerations for SSD deployment

BY BOB FINE

While solid state drives offer increased performance, the key to figuring out the role they can play in the data center is balancing that performance against cost.

SSD technology has been around for decades and has become more popular in laptops and desktops. Companies can typically use fewer SSDs compared with the number of traditional spinning disks they would have to deploy to achieve equivalent performance.

However, not all solid state technology is built the same. The speed of SSDs doesn’t come cheap; the average price per gigabyte is 10 times more than traditional disks. Before adopting SSDs, you need to understand what is driving your performance needs and which SSD configuration is most appropriate for your applications.

1. The need for speed

In its study, “Worldwide Solid State Drive 2007-2012 Forecast and Analysis: Entering the No-Spin Zone,” IDC forecasts the market for SSDs will grow 70% between 2007 and 2012.

SSD provides the power to significantly increase IOPS for the most demanding applications. It also frees up overtaxed traditional drives in tiered storage environments to function at maximum ability. Tiered storage moves data between high-performance, low-capacity drives and slower, higher-capacity drives. However, it can be difficult to integrate SSDs into an environment not optimized for the technology.

To balance speed and cost, you should start small without purchasing a lot of SSDs up front. Make sure you can maximize storage utilization of SSDs by combining the drives with key virtualization applications. See if you can integrate the technology in your existing array or if you need to install another “brick” or array to use SSD. Without the right infrastructure, the drives can become too costly, difficult to manage and inefficient compared with traditional spinning media.

2. Drive vs. cache

Once you decide to implement SSDs you must consider the actual configuration. The primary (and much debated) choices for maximizing efficiency are whether you implement the drives as cache or persistent storage.

Cache-based configurations can improve the performance of a server or controller by acting like additional dynamic RAM memory. Many controllers are essentially closed systems and won’t accept cache cards, so the only option is to add a dedicated SSD cache, but that approach tends to be costly. Controllers that accept cache cards do so at the expense of a valuable PCI express slot, which would otherwise be used to maximize the number of ports. However, the biggest drawback to implementing SSDs as cache is that it prevents users from tiering storage, which many believe is the most efficient path to SSD utilization and performance.

Unlike cache configurations, persistent, drive-based implementations let users tier SSDs along with traditional spinning disk. In an automated tiered storage environment, SSDs can be reserved for applications requiring the best performance, which means fewer SSDs are needed. Less-essential data that needs to be accessed quickly can be stored on relatively lower-cost, higher-capacity Fibre Channel or SATA drives, as opposed to being archived off-site or on tape. Automatically moving data back and forth between the solid state drives and disk tiers based on policies, such as frequency of access, can significantly reduce the cost of storing and managing the data.

Cache provides a significant performance improvement for the whole storage infrastructure, and does not require additional software or training. However, caching precludes easy tiering. When SSD is integrated as the top tier in a persistent storage environment, users can purchase only the number of solid state drives required to house the active blocks for their applications. They don’t need to purchase SSDs for entire volumes.

3. SLC vs. MLC: It’s what’s inside the drive that counts

There are two basic flavors of SSD drives: those based on flash memory and those based on DRAM. Since the inception of SSDs, flash has changed the landscape and outpaced DRAM as the chosen data center technology. Although DRAM has performance benefits, flash is significantly faster than disk-based arrays, more affordable than DRAM to implement and is the widely offered format of most storage array vendors.

The flash found in SSDs is further broken into two categories: Single Level Cell (SLC) and Multi Level Cell (MLC). SLC flash is found predominantly in enterprise-class drives and each data bit is stored in one cell. This format is associated with better reliability, improved longevity and better read/write cycles. MLC drives, while less expensive to manufacture, have slower transfer speeds, higher power consumption and lower cell endurance, and are typically found in consumer memory cards. More data is stored in each cell - if a cell is lost, more data is lost along with it.

4. Software applications to maximize SSD efficiency

Increasing speed of operation and access to critical applications is the impetus for investing in solid state technology. So once the hardware decisions are made you have to address the software questions. Two storage virtualization technologies noted for their ability to make the SSD performance spike are thin provisioning and automated tiered storage. You should also employ storage resource management (SRM) software to automatically track and report how much capacity is being used across tiers, and by the SSDs themselves. The SRM software should provide granular enough detail about use to take the guesswork out of SSD capacity planning.

Are there hidden costs? Many solutions require investment in entire “bricks” and enclosures, which significantly increases the investment. Others allow you to purchase SSDs in smaller increments as the data set grows.

Additionally, will you be forced to predetermine volumes and applications for SSD technology? Can you use thin provisioning with the SSDs, or are you wasting capacity just to allocate storage? Thin provisioning means space is only consumed on these expensive drives when data is written, leaving as much space free as possible and the drives operating at peak performance. While thin provisioning is gaining popularity, few vendors offer the technology for SSDs.

Another consideration is the ability to automate storage tiering. Incorporating SSDs can improve performance, but without the ability to dynamically move data to lower storage tiers, unused data remains static on the high-performance drives. This quickly negates the anticipated benefits.

Getting  value  from  SSD 

SSD efficacy is based on the ability to increase I/O and utilization, so while the cost per gigabyte may be higher than HDDs, the cost per I/O is far less with flash storage. This reduction is exemplified when looking at usage examples. Some SSD suppliers suggest one SSD can deliver the performance of 30 Fibre Channel drives.

While every data center may not need to process tens of thousands of IOPS daily, implementing SSD technology helps future-proof your environment and position your company to seamlessly handle growth. ■

Fine  is  director  of  product  marketing  at 
Compellent. 

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
GEARHEAD BY MARK GIBBS


On  Linux  and  random  numbers 


THIS  WEEK  TWO  things  are  on  my  mind.  First, 
if  you  do  anything  even  remotely  serious  with 
Linux  then  you’ll  be  well  aware  of  just  how  much 
documentation  there  is  for  the  system.  If  that’s  the  case  then  I’ll  bet  you’ve 
probably  thought  “why  doesn’t  someone  produce  a  honking  great  thick 
book  that  summarizes  more  or  less  everything  I  might  need  to  know  about 
Linux?”  If  you  have  then  your  wish  has  been  granted. 

“Linux in a Nutshell”, 6th Edition has just been launched and at 917 pages including index it beats the heck out of resorting to the “man” command. My one complaint is that my eyes aren’t what they used to be and the font size the book is set in is at my limit of resolution without glasses. As I can’t see well enough to find my glasses, this is a problem. All you whippersnappers will be fine. This book is a great resource. A 5 out of 5.

Next, random stuff. By which I mean really random because there are lots of IT problems where real random input is required (not to be confused with the random input you get from senior management).

I  needed  to  find  a  way  to  generate  a  randomized  sequence  that  consisted 
of  all  of  the  numbers  from  1  to  75  with  no  repeats.  Moreover,  I  wanted  to 
be  able  to  generate  the  list  online  for  another  online  process  to  consume 
and,  so  far,  I  have  found  only  one  Web  site  that  does  anything  like  that: 
Random.org. 

This  site  is  run  by  Dr.  Mads  Haahr,  a  lecturer  in  the  School  of  Computer 
Science  and  Statistics  at  Trinity  College,  Dublin,  Ireland. 

What’s really cool about this service is that the random numbers it produces are truly random: The service uses multiple radio receivers that sample atmospheric noise on different frequencies as a source of random data. This is important as there are other online random number generators that use pseudo-random number generators (software algorithms that approximate random sequences) but for real scientific purposes these are of little use.

While I’m on the subject of random number sources, check out Lavarand, which describes itself as “a cryptographically sound random number generator of the highest quality”.

Lavarand  not  only  includes  some  really  good  discussions  on  the  topic 
of  randomness  but  also  provides  open  source  random  number  generating 
software  and  instructions  on  how  to  create  a  random  source  device  called 
a  “Lavacan”  using  a  USB  Webcam  and  some  plastic  pipe.  I  must  make  one 
of  these.  My  office  seems  oddly  unequipped  without  one. 

So where was I? Oh yes ... Random.org offers a sequence generator that almost does what I need but only offers two types of output: Plain text and HTML. Now what I needed was an XML formatted output and so I thought I could run the Random.org output through a Yahoo Pipe (which I discussed) and reformat the output.

Unfortunately Yahoo Pipes won’t take data from sources that have a robot exclusion file to prohibit access ... which, of course, is exactly how Random.org is configured! Hmmm. What to do?

Use a proxy! Ah, but all of the public proxies I could find have a robot exclusion file so I had to set up my own proxy on my own server. I used PHProxy and enabled “hot linking” (this allows Web sites to access the proxy).

After  that,  it  was  easy.  I  created  a  Yahoo  pipe  to  access  the  proxy,  extract  the 
random  sequence  from  the  Web  page  generated  by  Random.org,  break  the 
sequence  into  separate  numbers,  strip  out  unneeded  tags  and  create  an  RSS 
feed.  If  you  want  a  copy  of  the  Yahoo  pipe  configuration,  drop  me  a  note.  ■ 

Gibbs  isn’t  often  random  in  Ventura,  Calif.  Sequence  your  comments  to 
gearhead@gibbs.com. 
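
The task in this column, a repeat-free random ordering of the numbers 1 to 75 delivered as XML for another process to consume, can also be produced locally. The following is an added example, not the column's Yahoo Pipe: it draws from the operating system's cryptographic random source through Python's `secrets` module rather than from atmospheric noise, and the XML element and attribute names are assumptions.

```python
import secrets
import xml.etree.ElementTree as ET


def random_sequence(low=1, high=75):
    """Return every integer in [low, high] exactly once, in random order."""
    if low > high:
        raise ValueError("low must not exceed high")
    values = list(range(low, high + 1))
    # Fisher-Yates shuffle: walk from the last slot down, swapping each slot
    # with a uniformly chosen slot at or before it. secrets.randbelow(n)
    # returns an unbiased value in [0, n), so every ordering is equally likely.
    for i in range(len(values) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        values[i], values[j] = values[j], values[i]
    return values


def to_xml(values):
    """Serialize the sequence; element names here are illustrative only."""
    root = ET.Element("sequence", count=str(len(values)))
    for position, value in enumerate(values, start=1):
        item = ET.SubElement(root, "number", position=str(position))
        item.text = str(value)
    return ET.tostring(root, encoding="unicode")


def parse_xml(document, low=1, high=75):
    """Consumer side: parse the feed and refuse anything that is not a
    complete, repeat-free ordering of low..high."""
    root = ET.fromstring(document)
    values = [int(node.text) for node in root.findall("number")]
    if len(values) != int(root.get("count", "-1")):
        raise ValueError("count attribute does not match the items received")
    if sorted(values) != list(range(low, high + 1)):
        raise ValueError("sequence has repeats, gaps or out-of-range values")
    return values


if __name__ == "__main__":
    sequence = random_sequence()
    print(to_xml(sequence))
```

Validating on the consuming side matters when the list passes through intermediaries such as a proxy or a feed rewriter, since a truncated or altered feed would otherwise be accepted silently.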


COOL TOOLS BY KEITH SHAW

Ditch  the  projector  (well,  the  bulky  one) 


The scoop: MPro120 Pocket Projector, by 3M, about $330 (buy.com).

What it is: A miniature projector (known as a pico projector) that fits in the palm of your hand, the MPro120 lets you project videos, photos and presentations from a video source onto a wall or other screen surface. The system can project up to a 50-inch image, offers up to two hours of battery life (a power adapter is included), and 3M says the LED lamp offers up to 20,000 hours of light life. The system includes a carrying pouch, audio/video and VGA cabling, and a flexible mini tripod.

3M’s MPro120 Pocket Projector fits in the palm of your hand.

Why it’s cool: Using a pico projector eliminates the need for a bulkier, heavier,
louder and hotter projector — even the “portable” projectors meant for travelers
take a lot of effort to unload, set up and carry around. The MPro120 sets
up quickly and is small enough to throw into a laptop bag. Mobile workers
who want to ditch the projector can carry this along and connect their
notebooks to it for mini-presentations. I love the idea of using the projector
in conjunction with an iPhone (with the use of the Scosche cables, see below)
for presentations and video plays, which lets you ditch the notebook as well.

Some caveats: The smaller size of the MPro120 limits the brightness
of the screen, which limits the ultimate size of the image being displayed.
A 50-inch screen is quite ambitious; I was able to get the equivalent of a
25-inch TV before the image faded and blurred. The low brightness setting
also means you have to be in an almost completely dark room in order to
see the best images from your video source. The system includes tiny
speakers, which also limit how loud the unit gets if you’re displaying a
movie. With these limitations, it seems like it could be just as easy to have
your meeting participants gather around your notebook screen.

Bottom line: There’s great potential in this pico projector space — hopefully
the technology will allow for brighter projection and louder volume.
The size certainly works well for extremely mobile workers who want to
ditch a heavier projector, and can accept the other limitations.

Grade:  -kit-ki  (out  of  five). 

The scoop: showTIME Audio/Video Cable for iPod and
iPhone, about $40, by Scosche

What it is: An audio/video cable with composite (RCA) jacks that connect
to a standard TV input, and a universal docking adapter that connects to
your iPod, iPod touch or iPhone. You can watch
videos or listen to music from your iPod or iPhone
on the TV, utilizing the bigger screen and better speakers.

Why  it’s  cool:  These  cables  are  an  easy  way  to  show  those  files  on  a  TV, 
or  even  to  play  music  through  the  TV’s  speakers.  Connecting  them  is  easy, 
and  the  ports  are  made  of  high-quality  tapered  metal.  Scosche  also  makes 
cables  that  connect  to  high-definition  TVs  via  component  inputs  ($50).  A 
newer  cable  includes  a  port  that  lets  you  recharge  your  iPhone  as  well. 

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com.  Follow  him  on  Twitter  at 
http://twitter.com/shawkeith. 
CLEAR CHOICE TEST: APPLE SNOW LEOPARD SERVER

A  faster,  smoother  breed  of  cat 

Mac  OS  X  10.6  features  several  new  collaboration,  multimedia  applications 


BY  TOM  HENDERSON  AND  BRENDAN  ALLEN,  EXTREMELABS 


On the surface, Apple’s Snow Leopard Server feels like a $499
maintenance release, but underneath, there’s much more —
improved performance, more polish, and new apps focused on
collaboration and content sharing.

Apple’s new installation routine for Snow Leopard (Mac OS X
10.6) improves upon Leopard’s (Mac OS X 10.5) Easy and Advanced installation
choices. With Snow Leopard, choices are clearer, and fresh installations
usually make prudent default choices.

We easily installed the new Address Book Server, updated Mail, a new
Mobile Access Server, Wiki service, an iCal(endaring) server, iChat server,
filesharing and backup server (an update to Apple’s Time Machine software).
After the applications are installed, we had to configure service,
users, groups and the like on a fresh installation, but an upgrade from
Leopard requires little settings work.

We  were  happy  to  find  tough  password  policies  available  for  user 
accounts,  but  not  so  pleased  to  find  that  the  administrator  password  could 
be  very  weak  by  default. 

The Address Book server application, which allows multiple computers
to share contacts, is new. It joins with directory services (Apple’s Open
Directory, and Microsoft’s Active Directory via open source Samba) rather
than be an extension of Open Directory. Address Book is compatible with
Zimbra open source e-mail, and is modeled after WebDAV, as an XML-based
extension of the venerable vCard. It stores vCards outside of the
directory service.

The  Address  Book  server  isn’t  backwards  compatible  with  Leopard, 
because  the  protocol  it’s  based  on,  CardDAV,  didn’t  exist  when  Leopard 
was  developed.  Users  can  merge  their  contacts  into  the  server  easily 
enough  —  if  they’re  Snow  Leopard  users. 

Apple  adds  a  new  service  to  Snow  Leopard,  the  Mobile  Access  server,  a 
“VPN-less”  authenticated/encrypted  entry  method  that’s  designed  to  sync 
iPhones  and  Mac  clients  to  their  address  books,  mail,  and  other  internal 
resources.  Advanced  connections  can  be  completed  through  Apple’s 
L2TP/IPSec-based  (or  old-fashioned  PPTP)  VPN  connectivity. 

Similarly, another new application, the iPhone Configuration utility, can
provision and synchronize a fleet of iPhones. As we don’t use iPhones, we
were unable to test the Mobile Access Server’s iPhone accessibility and the
applications don’t work with other mobile operating systems, although
third parties may be able to offer this for other phones in the future.
Nonetheless, it’s the first time any of the operating system vendors have paid
much attention to fleet mobile/cell provisioning, aside from Research in
Motion’s primitive BlackBerry message servers.

Podcast  Producer  2  is  an  updated  server  application  that  benefits  from 
Apple’s  Xgrid  compute  clustering  application.  Xgrid  processes  workflows 
(often  things  such  as  media  encoding)  either  on  the  host  server  or  on  other 
Apple  MacOS  machines. 

In  MacOS  10.5,  Xgrid  is  difficult  to  make  workable  on  distributed  Mac 
(server  or  client)  hardware  unless  one  has  advanced  integration  skills  — 
and  is  willing  to  troubleshoot  error  logs  until  the  application  works.  On 
Leopard,  it  took  us  nearly  a  day  to  work  through  and  troubleshoot  all 
of  the  elements  of  the  distributed  processing  of  Podcast  Producer  and 
Xgrid. 

Snow Leopard, by contrast, takes Podcast Producer 2 with updated
Xgrid 2 and installs a workable version that’s capable of distributed podcast
encoding in about five minutes, doing all of the homework and connectivity
bits itself, painlessly.

A similar example of better “fit and finish” is Podcast Composer, which
allows easy creation of Podcast Producer 2 workflows, compared with the
MacOS 10.5 version’s way of creating workflows by hand.

NETRESULTS

Product: Apple MacOS X 10.6
Vendor: Apple, www.apple.com/server/macosx/
Price: $499 for unlimited users
Pros: Faster, built for more capacity; very multimedia, social media-focused workflow.
Cons: No longer supports PowerPC CPU servers, some bugs but being rapidly fixed.
Score: 4.0

SCORECARD

Product: Apple MacOS X 10.6 (Snow Leopard)

Action                       Weight   Score
Installation/integration     25%      4.5
Performance                  25%      4
Management/administration    25%      4
Security                     25%      3.5
Total score                           4.0

SCORING KEY: 5: EXCEPTIONAL; 4: VERY GOOD; 3: AVERAGE;
2: BELOW AVERAGE; 1: SUBPAR OR NOT AVAILABLE

It’s  important  to  note  that  Snow  Leopard  does  not  run  on  older  Apple 
servers  running  G4/G5  (IBM  PowerPC)  processors.  In  a  sense  this  is  a 
plus,  because  once  installed  onto  newer  Intel-based  Apple  hardware,  the 
Snow  Leopard  operating  system  footprint  shrinks  by  several  gigabytes, 
because  PowerPC  code  is  deleted. 

With  the  dumping  of  PowerPC  server  support  code,  Apple  has  made 
several  fundamental  changes  to  MacOS  in  terms  of  memory  management 
models  and  in  capacity  performance  for  applications.  Thus,  performance 
improves. 

Like all Apple operating systems, Snow Leopard is captive to Apple’s
hardware, which is limited to 1U-sized Apple Xservers (and hefty MacPro
desktops). This means there are no blade variations or 4U/16-core muscle
machines, like HP’s DL580/585 G5 servers. Nonetheless, Apple’s Snow
Leopard performed faster than its predecessor, Leopard 10.5.8, in our testing,
due to some of these operating systems enhancements.

Improved  administration 

Administration is somewhat improved with Snow Leopard. Apple’s Server
Preferences administrative application in Leopard was available only if
Advanced wasn’t chosen; we haven’t used them subsequently because
Server Preference choices had no depth and were superficial.

In Snow Leopard, simple basic administrative choices can be performed
in Server Preferences, but aren’t likely to be used by very many administrators.
We wonder why it’s still around, save that it’s a safe choice for
small, civilian-run networks. Server Admin still does most of the work of
managing the MacOS server system and its services.

Performance  inside  performance 

Apple attempts to achieve scale for its applications via something called
“Grand Central Dispatch” (GCD). The idea behind GCD is to more efficiently
use multicore processor resources by aiding parallelism in applications
across processors.

The technical explanation of GCD is simple, and programs don’t necessarily
have to be specifically GCD-enabled to benefit from GCD parallelism,
although it helps. Sitting in userspace, the GCD is designed to
allow Apple’s Snow Leopard to be more efficient in its use of memory and
resources for programming needs.

It does this by allowing applications that can sense the GCD to spawn
threads that are very small, compared with other operating system (especially
Linux) schemes. Applications that simply use GCD-enabled services,
such as Apache or file services, also get a boost from more efficient MacOS,
GCD-enabled infrastructure. Apple released GCD code to open source developer
trees under the Apache and MIT licenses after
MacOS 10.6/Snow Leopard was released.

Perhaps as a consequence of the now-removed
PowerPC support, MacOS 10.6 can take advantage
of differing memory models (64-bit) which we
believe helped in our SPECjbb2005 test. SPEC’s
JBB test is an emulation of a business application
using Java that delivers a result in Business Operations per Second (BOP).

In an apples-to-apples comparison, Snow Leopard is 4% faster than
Leopard. Add in the ability to use large memory pages, and the figure is 21%
more BOPs. When we lowered the available total memory but increased
the number of Java Virtual Machines servicing SPECjbb2005, the large
memory size helped but it didn’t appear as though the new GCD helped
performance in this benchmark.

Conclusion 

Snow Leopard/MacOS 10.6 isn’t a blockbuster. It has a few new applications
that aren’t likely to start an Internet storm. The updates to the existing
applications are the polish of this version, one that quietly fixes and
augments the applications.

Apple  G4/G5  users  will  likely  feel  a  bit  bruised  by  omission  of  support 
or  upgrades  to  this  version,  but  Apple  at  some  point  knew  it  would  have 
to  cut  off  support.  Cross-platform  support  was  very  good  in  Leopard,  but 
applications  have  started  to  drift  into  PowerPC-support  and  Intel-support 
CPU  factions,  with  Intel  rapidly  winning  by  Apple’s  choice. 

There is no reason not to retrofit Snow Leopard into an existing
Leopard-based environment.

The price at $499 is reasonable ($29 if upgrading from Leopard), but
made more expensive by captivity to Apple’s comparatively pricey server
hardware. As a plug-and-play combination, Apple’s controlled Snow
Leopard environment provides a seamless experience. ■


Go  online: 

View  a  slideshow  of  what  we  loved  and 
hated  about  Snow  Leopard  Server: 
http://tinyurl.com/yzs43hh 


Henderson is principal researcher and Allen
is a researcher for ExtremeLabs in Indianapolis.
They can be reached at thenderson@extremelabs.com.
CLEAR CHOICE TEST: SONICWALL UTM

Powerful  security  tool  for  under  $1K 

SonicWall  TZ  200,  TZ  210  firewalls  deliver  advanced  features  for  the  SMB  market 

BY  JOEL  SNYDER 


SonicWall recently shipped six new firewalls to replace the low-end
of their product line. We tested the TZ200 and TZ210, which
feature 802.11n wireless integration, Cavium Networks’ Octeon
chips and SonicOS Enhanced v5.5 software.

The result is a less-than-$1,000 firewall that provides a substantial
set of useful features, including integrated SSL VPN, integrated
in-the-cloud antispam service, and several new reliability options designed
to increase uptime and performance.

In our testing, we found that the TZ210 delivers more than 125Mbps of
pure firewall power, although there is a significant slowdown when all unified
threat management (UTM) features are enabled. Still, this makes the
TZ210, and its slightly smaller brother, the TZ200, an excellent choice for
solid UTM coverage well within the bandwidth requirements of small and
midsize businesses.

The TZ200 costs $400 to $450 (with Wi-Fi) while the TZ210 is priced
at $600 to $750 (again depending on whether or not you want Wi-Fi). The
TZ200 and TZ210 are sold without per-user or per-node limits, and are
normally sold with a year’s software support, content filtering, antimalware
and IPS subscription for about $150 to $200 a year.

Presumably  the  bigger  price  differential  on  the  TZ210  hardware  is 
because  of  the  more  powerful  Wi-Fi.  The  main  theoretical  advantage  of 
the  TZ210  wireless  is  a  longer  reach  and  more  immunity  from  noise,  not 
higher  performance. 

The hardware in both devices was rock-solid for us, and we did abuse it
by shipping it to Europe for part of our testing, then bringing it back to the
United States for the remainder. Not even a peep of protest from the hardware.
Both units are fanless and use an external power supply. Another
pleasant surprise: the power supply connector has a locking tab that firmly
attaches it to the firewall, resolving a long-standing complaint with the
traditional coaxial connector that is so easily tugged out.

Feature  roundup 

►  Firewall:  Existing  customers  using  SonicWall’s  previous  generation 
of  small  firewalls  will  see  a  new  GUI,  but  the  firewall  function  and  style  is 
unchanged  from  previous  versions. 

► Network Address Translation: SonicOS 5.5 continues to have a versatile
but confusing view of NAT. Unlike other firewalls that integrate the
access control policies and NAT into a single view, which we find to be a
conceptually simpler way to deal with NAT in most networks, SonicOS
continues to separate them, much to the confusion of anyone who might
want to understand and edit the NAT policies.

► Wireless: One of the hot new features of the TZ200 and TZ210 firewalls
is their 802.11n Wi-Fi capability. These built-in Wi-Fi radios bring
very high performance wireless without adding significantly to the cost.

The TZ200 and TZ210 have a highly constrained approach to wireless,
offering a simple configuration with basic options and only a few bells and
whistles. While the TZ200 and TZ210 do offer good guest access features
on both wireless and wired, they don’t have other features that we’ve come
to expect from small wireless firewalls in this product category such as
multiple SSIDs to separate out guest from corporate users.

The built-in 802.11n wireless radio should, in theory, offer up to
300Mbps of bandwidth — but SonicWall’s specifications don’t trumpet
that number for good reason. As with all Wi-Fi, though, take these numbers
with a grain of salt. In our TCP-based performance testing, we were
only able to drive the TZ210 wireless up to about 64Mbps with four 802.11n
stations — which consumed 100% of the CPU of the TZ210. We found that
the TZ200, with its 20% slower CPU, also maxed out at about 51Mbps with
multiple 802.11n stations. Because the SonicWall TZ200 and TZ210 seem
to be CPU-bound for wireless, we suggest configuring for 20MHz wireless
channels, which didn’t reduce total throughput in our testing, but would
be more “friendly” to other wireless equipment in the area.

Products: SonicWall TZ200 and TZ210
Vendor: SonicWall, www.SonicWall.com
Price: $400 to $750 (depending on model and options)
Pros: Easy initial setup; integrated wireless; broad set of UTM features
including antimalware, content filtering and IPS; considerable
security configuration flexibility; cloud-based antispam; application
firewall (TZ210 only).
Cons: Security policy and NAT difficult in a multi-zone environment;
wireless not very flexible and performance limited.
Score: 3.83 and 3.78

SCORECARD

Products: SonicWall TZ200 and TZ210

Action                               Weight   TZ200   TZ210
Performance                          25%      3.5     3.5
UTM features                         30%      4       4
VPN                                  15%      4       4
Hardware architecture and wireless   10%      4       3.5
Management                           15%      3.5     3.5
Power usage/green                    5%       4.5     4.5
Total score                                   3.83    3.78

SCORING KEY: 5: EXCEPTIONAL; 4: VERY GOOD; 3: AVERAGE;
2: BELOW AVERAGE; 1: SUBPAR OR NOT AVAILABLE

The  TZ200  and  TZ210  also  can  act  as  wireless  switches,  controlling 
SonicWall’s  external  wireless  device,  the  SonicPoint-N,  a  $400  managed 
access  point.  (The  TZ200  can  manage  two;  the  TZ210  as  many  as  16).  These 
are  SonicWall’s  best-kept  secrets,  a  managed  wireless  LAN  similar  to  Cisco 
or  Aruba  Networks’  wireless  switch  and  access  point  technology,  but  at  a 
fraction  of  the  price. 

► Advanced threat mitigation features: With the new TZ200 and
TZ210, SonicWall is continuing its power push into the UTM feature set.
In addition to the existing content filtering, IPS and antimalware tools, this
version of SonicOS brings SonicWall’s application firewall (TZ210 only)
and antispam service to the SMB marketplace.

We tested antimalware by taking the 15 most recent, unique viruses
that were in our corporate antivirus quarantine and trying to resend them
through the TZ210 firewall. Out of the 15 viruses, the TZ210 identified 13.

Our  experience  with  SonicWall’s  Application  Firewall  was  less  positive. 
Although  the  application  firewall  definitely  performed  as  advertised,  we 
found  it  difficult  to  use  and  hard  to  trust.  The  application  firewall  is  a  new 
feature  to  this  product  line  that  lets  the  network  manager  build  policies 
based  on  very  deep  inspection  of  mail  (SMTP,  POP  and  IMAP),  FTP  and 
HTTP  protocols,  as  well  as  SonicWall’s  IPS  signatures.  For  example,  traffic 
can  be  caught  based  on  the  subject  line  of  an  e-mail. 

Once the application firewall picks out traffic, you can then apply policies,
including simply blocking the traffic, or using more sophisticated
actions, such as blocking e-mail attachments, adding text to messages,
blocking or redirecting HTTP pages, and applying bandwidth management.
Policies have a variety of other qualifiers as well, such as IP
addresses, zones, username and group membership, and time of day.

As  we  quickly  discovered,  not  every  action  is  supported  with  every 
content  match  and  with  every  protocol.  SonicWall  provides  a  very  good 
tutorial  on  the  application  firewall  with  numerous  examples  of  ways  to 
use  this  to  enforce  policy  compliance,  which  is  a  must-read  if  you  want  to 
really  understand  what  is  going  on.  Although  you  only  can  define  a  very 
limited  number  of  policies  —  five  in  the  case  of  the  TZ210  we  tested  —  each 
policy  is  very  powerful. 

►  Antispam:  The  last  new  security  feature  we  tested  on  the  TZ210  was 
SonicWall’s  antispam  service.  This  is  an  in-the-cloud  offering  that  uses  the 
firewall  to  redirect  traffic  to  the  antispam  service,  which  filters  content,  and 
then  sends  the  non-spam  e-mail  back  to  your  local  mail  server. 

Using  a  combination  of  firewall  and  NAT  policies  and  some  internal 
smarts,  the  TZ210  simply  redirects  connections  to  their  service,  which 
lets  you  turn  on  and  off  the  antispam  quickly  while  testing.  The  SonicWall 
antispam  service  isn’t  a  complete  in-the-cloud  offering  because  you  must 
provide  your  own  quarantine  server  if  you  want  to  quarantine  suspected 
spam,  viruses  and  phishing  messages. 

We did not have an opportunity to test the effectiveness of the antispam
service on a production mail stream. However, we did set up the antispam
service and found it easy to install with very little aggravation — as long as
you have a very simple setup with a single mail server, a small number (five
or less) of domains you want to filter, and a willingness to let your mail fly
out into the cloud unprotected.

[Chart: Throughput test results. Raw speed is excellent, but turning on
advanced features slows down the UTM considerably. TZ210, raw speed:
125.6 Mbps; TZ200, raw speed: 96.9 Mbps.]

►  SSL  VPN:  The  TZ200  comes  with  a  one-user  license,  expandable  to 
10  users,  while  the  TZ210  comes  with  a  two-user  license,  expandable  to 
10  users. 

This  isn’t  in  the  same  league  as  SonicWall’s  enterprise-class  SSL  VPN 
appliance  it  added  to  its  portfolio  when  the  company  purchased  Aventail 
in  2007;  it’s  a  simple  network  extension  that  is  a  competitor  to  IPsec  VPN 
(also  included  with  each  device  if  you  insist)  for  remote  access. 

The SSL VPN is easy to add and configure. Users appear in the SSL VPN
as if they were in a new zone, so you simply write normal zone-based firewall
rules to define your access controls. The SSL VPN includes a simple
portal that can be used to launch or download the Java-based SSL VPN
client (available for Windows, Macintosh and Linux operating systems).

A  small  set  of  SSL  VPN  specific  settings,  such  as  whether  to  use  split 
tunneling,  whether  clients  can  communicate  with  each  other  or  whether 
the  username  and  password  can  be  saved,  are  about  all  you  need  to  worry 
about  to  set  up  the  SSL  VPN. 

Performance 

For  raw  speed,  without  UTM  features  enabled,  the  TZ210  turned  in 
a  goodput  of  118Mbps  using  a  typical  Internet  traffic  mix,  with  a  total 
throughput  of  126Mbps;  the  TZ200  91Mbps  goodput  and  97Mbps 
throughput.  Goodput  measures  only  application  layer  data,  while 
throughput  also  includes  header  information.  Most  vendors  quote 
throughput  numbers  in  their  performance  stats,  but  goodput  is  a  better 
measure  of  what  you’ll  actually  see  at  the  end  system.  Both  devices  beat 
their  data  sheet  numbers  easily. 

When we turned on UTM features, performance — as expected — was
dramatically affected. SonicWall does not really distinguish between
server- and client-side IPS, so we tested IPS with and without the application
firewall to see a range of performance. The TZ210 slowed down about
35% while the TZ200 only dropped about 12%. In fact, the TZ200 outperformed
the TZ210 in pure IPS throughput, a result that SonicWall wasn’t
able to easily explain.

With antimalware enabled, we saw a more significant drop in both systems
to about the same speed: approximately 13Mbps. That’s a nearly 90%
performance hit for the TZ210, and 86% hit on the TZ200. We discussed
these UTM results at length with SonicWall’s product management team.
Although they were at first very surprised by the results, they were able to
confirm them in their own test lab.

Our testing shows that SonicWall has done a great job of providing a
high-speed firewall in a small package. However, UTM capabilities, especially
antimalware, continue to be difficult performance challenges. Network
managers who want to make use of antivirus at the gateway should
be careful to limit their performance exposure by only protecting the traffic
they think is likely to be infected with malware.

Because the TZ200 and TZ210 run nearly identical firmware, network
managers who are looking for simple firewalling probably won’t
find much reason to jump to the higher price/performance point of the
TZ210. If some of the advanced features of the TZ210, especially the
application firewall, are important, those certainly differentiate the two
models. Similarly, the reach and noise resistance of the TZ210 wireless
is likely to be better than the TZ200, and that could be a reason to go for
the higher-end model. ■

Snyder is a senior partner at Opus One, a consulting firm in Tucson, Ariz.
He can be reached at jms@opus1.com.


■  GO  ONLINE  for  the  complete  SonicWall  UTM  review: 

http://tinyurl.com/yjqckph. 
BACKSPIN BY MARK GIBBS


The  Craziness  Pandemic,  Part  I 


GLOBAL  PANDEMICS  ARE  definitely  something 
to  worry  about.  Consider  the  impact  that  swine 
flu  is  already  having  on  your  organization ...  and 
the  regular  seasonal  flu  is  still  some  weeks  away  from  hitting  us. 

In fact, check out Google’s Flu Trends; this predicts the impact of influenza
from the analysis of search terms and it looks like we’re two months
ahead of the 2003-2004 season, the worst flu season in the last decade.

But  global  pandemics  aren’t  limited  to  disease.  Oh  no,  it  appears  that  a 
pandemic  of  weirdness  is  also  going  global. 

For example, a Japanese airline, All Nippon Airways (ANA), is asking its
passengers to relieve themselves prior to departure on the theory that this
will make them lighter passengers, which will result in lighter aircraft and
thereby lower the airline’s fuel use and carbon emissions.

Thanks  to  Google,  I  have  found  that  the  average  bladder  holds  between 
0.6  and  2.1  pints.  Let’s  take  the  middle  of  that  range  which,  when  filled 
with  what  we  shall  refer  to  as  “liquid”  would  weigh  around  1.7  pounds. 
My  extensive  research  also  reveals  that  the  average  person  produces  just 
over  half  a  pound  of  poop  per  day,  so  a  fully  “laden”  passenger  would  be 
carrying  about  2.2  extra  and  disposable  pounds. 

I worked out that the average ANA plane carries 293 people, which is
close to the capacity of the Boeing 777-200ER (a plane in the ANA fleet).
Let’s assume a worst case: That every passenger is “fully loaded” upon
boarding, which would be an extra 641 pounds at takeoff. As the Boeing
777-200ER has a minimum takeoff weight of 315,000 pounds the excess
“baggage” would amount to, at worst, just 0.2% of the plane’s weight!

Moreover,  as  the  777-200ER  has  a  maximum  fully  loaded  range  of  7,700 
nautical  miles  and  assuming  a  direct  relationship  between  weight  and 
range,  the  disposable  weight  would  amount  to  around  $186  of  jet  fuel  (92 
gallons  at  $2.02  per  gallon)  or  about  $0.63  per  passenger. 


ANA flew some 50 million passengers last year so the theoretical savings
amount to a maximum of just less than $32 million. I say “theoretical”
because obviously not every passenger will have failed to go before takeoff
and, as with all “savings by aggregation” exercises, it is assumed that these
savings are actually realizable. The problem is that when you’re dealing
with something measured in hundreds of thousandths of a dollar, you are
in rounding error territory and most likely kidding yourself.

Here’s  the  really  crazy  part:  ANA  claims  the  savings  will  reduce  their 
contribution  to  greenhouse  gasses  by  around  just  60  tons  per  year. 

Again, assuming that there’s a direct relationship between carbon output
and aircraft weight then the emission savings also amount to 0.2% of
the airline’s total output, which is therefore around 3 million tons per year,
making 60 tons a veritable drop in the bucket.

I  know  every  little  bit  helps  but  ANA  probably  created  many  more  tons 
of  carbon  emissions  just  circulating  internal  memos  on  the  plan.  Maybe, 
this  is  all  a  PR  stunt  but  I  doubt  it.  I  think  it’s  an  outbreak  of  craziness. 

If  ANA  was  serious  about  its  carbon  “footprint”  you’d  think  it  would  get 
serious  and  its  planes  wouldn’t  carry  sodas  or  alcohol  and  only  a  limited 
amount  of  water  per  passenger  (“Sorry  sir,  you’ve  had  your  thimble-full 
but  feel  free  to  lick  the  condensation  off  the  windows”). 

There would also be no in-flight food of any kind, the food service equipment
would be jettisoned along with the on-board toilets, there would be
no in-flight magazines, the stuffing would be taken out of the seats, you
wouldn’t be allowed to bring any magazines, books, iPods or laptops on
board and passengers would be required to travel in their underwear
— then you’d see some real carbon footprint reduction.

Gibbs  hopes  he  has  developed  immunity  to  craziness  in  Ventura,  Calif.  If 
you've  spotted  an  outbreak,  let  me  know  at  backspin@gibbs.com. 
EFF launches ‘Takedown Hall of Shame’


The Electronic Frontier Foundation last week aimed a historically potent
weapon — the spotlight of public shame — at those corporations and
individuals who abuse copyright claims to stifle free speech.

Explains EFF Senior Staff Attorney Corynne McSherry: “Free speech in
the 21st century often depends on incorporating video clips and other content
from various sources. It’s what ‘The Daily Show’ with Jon Stewart does
every night. This is ‘fair use’ of copyrighted or trademarked material and
protected under U.S. law. But that hasn’t stopped thin-skinned corporations
and others from abusing the legal system to get these new works removed
from the Internet. We wanted to document this censorship for all to see.”

The organization’s “Takedown Hall of Shame” will be updated regularly.
Among the first group of inductees are National Public Radio for trying to
remove a YouTube video that criticizes same-sex marriage; NBC for targeting
an Obama campaign video and CBS for going after one from the
McCain campaign. Also “dishonored” are radio blowhard Michael Savage;
election bungler Diebold; the endlessly discredited “paranormalist”
Uri Geller; and even the Professional Rodeo Cowboys Association, which
apparently has donned a black hat on such matters. Who knew?

The  Hall  of  Shame  is  part  of  EFF’s  “No  Down  Time  for  Free  Speech” 
campaign. 

The organization has been active of late when it comes to launching Web
sites that focus on specific issues; for example: TOSBack, which tracks
changes in Web site terms of service so that you don’t have to; Surveillance
Self-Defense, which offers advice on keeping prying eyes off of your electronic
information; and, of course, its longstanding and highly effective
Patent Busting Project. They do good work.


A  wise  reversal  in  TD  Ameritrade  case 

A  federal  judge  last  week  rejected  a  class-action  lawsuit  settlement  that 
would  have  seen  TD  Ameritrade  escape  with  less  than  a  wrist  slap  in  an 
egregious  data-breach  case  that  touched  as  many  as  6  million  customers 
and  should  call  for  at  least  a  public  flogging. 

U.S. District Judge Vaughn Walker in San Francisco ruled that the agreement,
to which he had granted preliminary approval earlier this year, actually
offers so little benefit to those who had personal information exposed
that he could not abide giving it a final stamp. As we first reported on Buzzblog
more than two years ago, TD Ameritrade received repeated warnings
from IT security experts that it had been victimized by hackers and that
personally identifiable information of its customers had been compromised.

A  subsequent  class-action  lawsuit,  spearheaded  by  computer  consultant 
Matthew  Elvey,  was  settled  out  of  court  by  attorneys  for  both  sides  —  an 
agreement  Elvey  rejected  and  data-breach  experts  criticized  as  sending  the 
wrong  message  because  it  offered  no  real  compensation. 

Public  Citizen,  which  backed  Elvey,  issued  this  statement  after  the 
judge’s  most  recent  decision:  “The  company’s  offer  to  provide  its  clients 
with  a  one-year  subscription  to  anti-spam  software  would  do  nothing  to 
protect  customers  from  identity  theft  and  would  be  useless  to  those  who 
already  have  anti-spam  software  or  could  obtain  similar  protection  for  free. 
. . .  Ameritrade  should  not  get  off  the  hook  for  its  massive  security  breach 
until  it  comes  clean  with  its  clients  and  shows  it  has  fixed  the  problem.” 

Don’t hold your breath, but at least the judge has sent a message indicating
that more must be done to make amends.

Have  a  hall  nominee?  The  address  is  buzz@nww.com. 